If you have both wifi and modem on, NetworkManager will generate a broken resolv.conf, since I think it can only have 3 entries due to musl limitations. (I think that's the reason at least.) Usually this isn't noticed since either modem or wifi's nameservers will work for day-to-day usage. But with mmsd-tng, we MUST use the modem's nameserver to unpack the payload of MMS messages.
I ended up setting dns=none in /etc/NetworkManager/NetworkManager.conf and establishing a static /etc/resolv.conf.
But we need a more automatic solution for users, and unfortunately I haven't been smart enough to figure out what that solution would be.
So I thought I'd open this ticket in case someone can figure that out for us!
I noticed that phosh does the equivalent of this to make dns work better with both wifi and the modem active:
nmcli conn modify mymodemconn ipv4.dns-priority 120
nmcli conn modify mymodemconn ipv6.dns-priority 120
I also saw this fix for mmsd-tng's dns issue:
ForceCAres=true
that is mentioned here:
https://www.reddit.com/r/pinephone/comments/qm9wvr/getting_mms_working_on_mobian_tmobile/
Set dns=dnsmasq as a lazy solution, since dnsmasq is installed anyway in the sxmo package on postmarketOS (idk why).
See section "dns": https://networkmanager.dev/docs/api/latest/NetworkManager.conf.html
In my setup I just use dnscrypt-proxy, set dns=none, and update resolv.conf to 127.0.0.1. It even encrypts the dns requests.
FYI yes indeed, DNS queries are not encrypted by default.
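An added example, not written by any participant in this thread: a POSIX shell check for the failure described in the first post, where the modem's nameserver falls outside the entries the resolver actually reads. The limit of 3 is the figure given in the thread; the sample resolv.conf, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Limit on resolv.conf nameserver entries, as stated in the thread (assumption).
MAXNS=3

# used_nameservers FILE: print the addresses a resolver limited to MAXNS
# entries would read, in file order.
used_nameservers() {
    awk -v max="$MAXNS" '
        $1 == "nameserver" && NF >= 2 { if (++n <= max) print $2 }
    ' "$1"
}

# dropped_nameservers FILE: print the entries past the limit.
dropped_nameservers() {
    awk -v max="$MAXNS" '
        $1 == "nameserver" && NF >= 2 { if (++n > max) print $2 }
    ' "$1"
}

# modem_dns_usable FILE ADDR: succeed if ADDR is among the entries in use.
modem_dns_usable() {
    used_nameservers "$1" | grep -Fqx -- "$2"
}

# Constructed sample: wifi contributed three servers, the modem's came last.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Generated by NetworkManager
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 2001:db8::1
nameserver 198.51.100.53
EOF
MODEM_DNS=198.51.100.53   # constructed placeholder for the carrier's resolver

if modem_dns_usable "$sample" "$MODEM_DNS"; then
    echo "modem nameserver $MODEM_DNS is within the first $MAXNS entries"
else
    echo "modem nameserver $MODEM_DNS is dropped; entries past the limit:"
    dropped_nameservers "$sample"
fi
```

Pointing the functions at /etc/resolv.conf with the modem connection's real DNS address shows whether one of the workarounds above (dns-priority, dns=none with a static file, or a local forwarder) is needed on a given device.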